This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Khalid
Explorer
‎2021-03-11 05:50 AM

website is not dispalyed

Hi team - for some reason this website is not dispalyed. outside the gateway is working fine.

TLSv1 is disabled, but for some reason the gateway is still using TLSv1 to connect on behalve the user.

We made a https bypass, but no succes  

The exact message displyaed is:

This page can’t be displayed

Turn on TLS 1.0, TLS 1.1, and TLS 1.2 in Advanced settings and try connecting to https://lft.ema.kpmg.com again. If this error persists, it is possible that this site uses an unsupported protocol or cipher suite such as RC4 (link for the details), which is not considered secure. Please contact your site administrator.

 

do you have any suggestion for this? thank you

Khalid

0 Kudos
4 Replies
PhoneBoy
Admin
Admin
‎2021-03-11 01:02 PM

What version/JHF level is the gateway?
Is HTTPS Inspection enabled?
What do you see in the gateway logs when you try and access the site?

0 Kudos
Khalid
Explorer
‎2021-03-11 10:45 PM
In response to PhoneBoy

Hi PhoneBoy, Tank you for reply

What version/JHF level is the gateway? >> R80.20SP/T191
Is HTTPS Inspection enabled? >>Yes enabled
What do you see in the gateway logs when you try and access the site?>> the traffic is allowed 

We observed in the TCPDUMP that the gateway is sending TLSv1 but the website is using TLSv1.2. possible the cause of the issue but not sure.

Thank you

0 Kudos
Vincent_Bacher
Advisor
Advisor
‎2021-03-11 11:03 PM
In response to Khalid

You may debug that as per sk105559

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite
0 Kudos
Martin_Raska
Advisor
Advisor
‎2021-03-12 12:57 AM
In response to Khalid

You have a kinda old setup R80.20SP Take 191 (2 Dec 2019, GA from 05 Jan 2020), strongly advice to upgrade it. The website is only allowing TLS 1.2 and only one strong cipher suite

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, old GW TLS engine and old ciphers are your problem.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
 
Upcoming Maestro Events

    CheckMates Events